1# 2# DTrace OneLiners Examples 3# 4 5### New processes with arguments, 6 7# dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs); }' 8dtrace: description 'proc:::exec-success ' matched 1 probe 9CPU ID FUNCTION:NAME 10 0 3297 exec_common:exec-success man ls 11 0 3297 exec_common:exec-success sh -c cd /usr/share/man; tbl /usr/share/man/man1/ls.1 |neqn /usr/share/lib/pub/ 12 0 3297 exec_common:exec-success tbl /usr/share/man/man1/ls.1 13 0 3297 exec_common:exec-success neqn /usr/share/lib/pub/eqnchar - 14 0 3297 exec_common:exec-success nroff -u0 -Tlp -man - 15 0 3297 exec_common:exec-success col -x 16 0 3297 exec_common:exec-success sh -c trap '' 1 15; /usr/bin/mv -f /tmp/mpzIaOZF /usr/share/man/cat1/ls.1 2> /d 17 0 3297 exec_common:exec-success /usr/bin/mv -f /tmp/mpzIaOZF /usr/share/man/cat1/ls.1 18 0 3297 exec_common:exec-success sh -c more -s /tmp/mpzIaOZF 19 0 3297 exec_common:exec-success more -s /tmp/mpzIaOZF 20 21 22### Files opened by process, 23 24# dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }' 25dtrace: description 'syscall::open*:entry ' matched 2 probes 26CPU ID FUNCTION:NAME 27 0 14 open:entry gnome-netstatus- /dev/kstat 28 0 14 open:entry man /var/ld/ld.config 29 0 14 open:entry man /lib/libc.so.1 30 0 14 open:entry man /usr/share/man/man.cf 31 0 14 open:entry man /usr/share/man/windex 32 0 14 open:entry man /usr/share/man/man1/ls.1 33 0 14 open:entry man /usr/share/man/man1/ls.1 34 0 14 open:entry man /tmp/mpqea4RF 35 0 14 open:entry sh /var/ld/ld.config 36 0 14 open:entry sh /lib/libc.so.1 37 0 14 open:entry neqn /var/ld/ld.config 38 0 14 open:entry neqn /lib/libc.so.1 39 0 14 open:entry neqn /usr/share/lib/pub/eqnchar 40 0 14 open:entry tbl /var/ld/ld.config 41 0 14 open:entry tbl /lib/libc.so.1 42 0 14 open:entry tbl /usr/share/man/man1/ls.1 43 0 14 open:entry nroff /var/ld/ld.config 44[...] 45 46 47### Syscall count by program, 48 49# dtrace -n 'syscall:::entry { @num[execname] = count(); }' 50dtrace: description 'syscall:::entry ' matched 228 probes 51^C 52 snmpd 1 53 utmpd 2 54 inetd 2 55 nscd 7 56 svc.startd 11 57 sendmail 31 58 poold 133 59 dtrace 1720 60 61 62### Syscall count by syscall, 63 64# dtrace -n 'syscall:::entry { @num[probefunc] = count(); }' 65dtrace: description 'syscall:::entry ' matched 228 probes 66^C 67 fstat 1 68 setcontext 1 69 lwp_park 1 70 schedctl 1 71 mmap 1 72 sigaction 2 73 pset 2 74 lwp_sigmask 2 75 gtime 3 76 sysconfig 3 77 write 4 78 brk 6 79 pollsys 7 80 p_online 558 81 ioctl 579 82 83 84### Syscall count by process, 85 86# dtrace -n 'syscall:::entry { @num[pid,execname] = count(); }' 87dtrace: description 'syscall:::entry ' matched 228 probes 88^C 89 1109 svc.startd 1 90 4588 svc.startd 2 91 7 svc.startd 2 92 3950 svc.startd 2 93 1626 nscd 2 94 870 svc.startd 2 95 82 nscd 6 96 5011 sendmail 10 97 6010 poold 74 98 8707 dtrace 1720 99 100 101### Read bytes by process, 102 103# dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }' 104dtrace: description 'sysinfo:::readch ' matched 4 probes 105^C 106 107 mozilla-bin 16 108 gnome-smproxy 64 109 metacity 64 110 dsdm 64 111 wnck-applet 64 112 xscreensaver 96 113 gnome-terminal 900 114 ttymon 5952 115 Xorg 17544 116 117 118### Write bytes by process, 119 120# dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }' 121dtrace: description 'sysinfo:::writech ' matched 4 probes 122^C 123 124 dtrace 1 125 gnome-settings-d 8 126 xscreensaver 8 127 gnome-panel 8 128 nautilus 8 129 date 29 130 wnck-applet 120 131 bash 210 132 mozilla-bin 1497 133 ls 1947 134 metacity 3172 135 Xorg 7424 136 gnome-terminal 51955 137 138 139### Read size distribution by process, 140 141# dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }' 142dtrace: description 'sysinfo:::readch ' matched 4 probes 143^C 144[...] 145 gnome-terminal 146 value ------------- Distribution ------------- count 147 16 | 0 148 32 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 15 149 64 |@@@ 1 150 128 | 0 151 152 Xorg 153 value ------------- Distribution ------------- count 154 -1 | 0 155 0 |@@@@@@@@@@@@@@@@@@@ 26 156 1 | 0 157 2 | 0 158 4 | 0 159 8 |@@@@ 6 160 16 |@ 2 161 32 |@ 2 162 64 | 0 163 128 |@@@@@@@@ 11 164 256 |@@@ 4 165 512 | 0 166 167 168### Write size distribution by process, 169 170# dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }' 171dtrace: description 'sysinfo:::writech ' matched 4 probes 172^C 173[...] 174 Xorg 175 value ------------- Distribution ------------- count 176 16 | 0 177 32 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 169 178 64 |@@@ 16 179 128 |@@ 10 180 256 | 0 181 182 gnome-terminal 183 value ------------- Distribution ------------- count 184 0 | 0 185 1 |@@ 6 186 2 | 0 187 4 | 0 188 8 | 1 189 16 |@ 2 190 32 |@@@ 7 191 64 | 0 192 128 |@@@@@@@@@@@@@@@@@@@@@@@ 63 193 256 |@@@@ 10 194 512 | 1 195 1024 |@@@@@ 13 196 2048 |@ 2 197 4096 |@@@ 7 198 199 200### Disk size by process, 201 202# dtrace -n 'io:::start { printf("%d %s %d",pid,execname,args[0]->b_bcount); }' 203 0 3271 bdev_strategy:start 16459 tar 1024 204 0 3271 bdev_strategy:start 16459 tar 1024 205 0 3271 bdev_strategy:start 16459 tar 2048 206 0 3271 bdev_strategy:start 16459 tar 1024 207 0 3271 bdev_strategy:start 16459 tar 1024 208 0 3271 bdev_strategy:start 16459 tar 1024 209 0 3271 bdev_strategy:start 16459 tar 8192 210 0 3271 bdev_strategy:start 16459 tar 8192 211 0 3271 bdev_strategy:start 16459 tar 16384 212 0 3271 bdev_strategy:start 16459 tar 2048 213 0 3271 bdev_strategy:start 16459 tar 1024 214 0 3271 bdev_strategy:start 16459 tar 1024 215 216 217### Pages paged in by process, 218 219# dtrace -n 'vminfo:::pgpgin { @pg[execname] = sum(arg0); }' 220dtrace: description 'vminfo:::pgpgin ' matched 1 probe 221^C 222 223 ttymon 1 224 bash 1 225 mozilla-bin 36 226 tar 6661 227 228 229### Minor faults by process, 230 231# dtrace -n 'vminfo:::as_fault { @mem[execname] = sum(arg0); }' 232dtrace: description 'vminfo:::as_fault ' matched 1 probe 233^C 234 235 mozilla-bin 18 236 dtrace 57 237 find 64 238 bash 150 239 tar 501 240 241 242### Interrupts by CPU, 243 244# dtrace -n 'sdt:::interrupt-start { @num[cpu] = count(); }' 245dtrace: description 'sdt:::interrupt-start ' matched 1 probe 246^C 247 248 513 2 249 515 4 250 3 39 251 2 39 252 253 254### New processes with arguments and time, 255 256# dtrace -qn 'syscall::exec*:return { printf("%Y %s\n",walltimestamp,curpsinfo->pr_psargs); }' 2572005 Apr 25 19:15:09 man ls 2582005 Apr 25 19:15:09 sh -c cd /usr/share/man; tbl /usr/share/man/man1/ls.1 |... 2592005 Apr 25 19:15:09 neqn /usr/share/lib/pub/eqnchar - 2602005 Apr 25 19:15:09 tbl /usr/share/man/man1/ls.1 2612005 Apr 25 19:15:09 nroff -u0 -Tlp -man - 2622005 Apr 25 19:15:09 col -x 2632005 Apr 25 19:15:10 sh -c trap '' 1 15; /usr/bin/mv -f /tmp/mpRZaqTF /usr/s... 2642005 Apr 25 19:15:10 /usr/bin/mv -f /tmp/mpRZaqTF /usr/share/man/cat1/ls.1 2652005 Apr 25 19:15:10 sh -c more -s /tmp/mpRZaqTF 2662005 Apr 25 19:15:10 more -s /tmp/mpRZaqTF 267[...] 268 269 270### Successful signal details, 271 272# dtrace -n 'proc:::signal-send /pid/ { printf("%s -%d %d",execname,args[2],args[1]->pr_pid); }' 273dtrace: description 'proc:::signal-send ' matched 1 probe 274CPU ID FUNCTION:NAME 275 0 3303 sigtoproc:signal-send bash -15 16442 276 0 3303 sigtoproc:signal-send bash -9 16443 277^C 278 279 280### Kernel function calls by module, 281 282# dtrace -n 'fbt:::entry { @calls[probemod] = count(); }' 283dtrace: description 'fbt:::entry ' matched 18437 probes 284^C 285 286 devfs 2 287 ptm 2 288 ipf 5 289 pts 5 290 ttcompat 9 291 ptem 9 292 ldterm 23 293 ipgpc 24 294 ufs 24 295 ata 25 296 sockfs 27 297 gld 32 298 rtls 34 299 flowacct 38 300 specfs 50 301 ip 84 302 TS 92 303 uhci 101 304 uppc 1758 305 unix 6347 306 genunix 10023 307 308